Implementing passwordless in device-restricted environments

By Rohan Pinto, CTO for 1Kosmos

The increasing reliance on mobile devices for secure, passwordless authentication in the workplace presents a significant and evolving challenge, especially in environments where the use of mobile technology is heavily restricted, sometimes called Sensitive Compartmented Information Facilities. Examples include high-security or privacy-sensitive call centers, manufacturing floors, and sterile clean rooms: places where traditional authentication methods, reliant on passwords or mobile devices, fall short.

This is not just a minor inconvenience; it’s a significant barrier to maintaining both security and operational efficiency. In these unique workspaces, password- and device-based authentication not only jeopardizes security but also hampers workflow, creating a critical need for a revolutionary approach.

Understanding the problem

Mobile devices are typically prohibited in call centers, manufacturing environments, shared kiosks and clean rooms due to a confluence of security, safety, and quality control reasons.

In call centers, mobile devices pose a risk of data breaches or unauthorized recording of sensitive information, thereby compromising customer privacy and organizational confidentiality.

In manufacturing settings, they can be a source of distraction, potentially leading to accidents or errors in high-precision work; their electromagnetic interference can also disrupt sensitive machinery.

In clean rooms, used in semiconductor manufacturing or biotech research, mobile devices can introduce contaminants or particulate matter, undermining the stringent sterility and cleanliness standards required.

Shared kiosks, common in banking and retail settings, are meanwhile exposed to financial fraud.

Additionally, in all these environments, the use of personal devices can facilitate intellectual property theft or corporate espionage. Therefore, the exclusion of mobile devices is a critical measure to ensure security, safety, and the integrity of products and processes.

Authentication obstacles

Implementing identity-based passwordless authentication in workstation-independent environments poses several unique challenges. First and foremost is the issue of interoperability and ensuring that authentication operates seamlessly across a diverse array of systems and workstations. This includes avoiding repetitive registration steps which lead to user friction and inconvenience.

Another critical challenge is implementing authentication that resists phishing and credential theft, and so protects against advanced threats, without the benefit of mobile devices for biometric authentication.

Cost and scalability also represent significant hurdles. Providing individual hardware tokens to each user is expensive in large-scale deployments and introduces productivity risks associated with forgotten, lost, damaged or shared security keys.

Lastly, the need for user convenience and accessibility cannot be understated. Passwordless authentication must not only be secure and robust but also user-friendly and accessible to all employees, irrespective of their technical expertise. This requirement ensures that the system is inclusive and practical for the entire workforce, a crucial factor in its successful implementation and adoption.

FIDO-compliant keys

A promising approach to solving this problem involves the use of FIDO-compliant keys. FIDO (Fast IDentity Online) keys offer a secure and user-friendly way to authenticate without passwords. They can allow employees to move freely between workstations, logging in quickly and securely without passwords or personal devices.

A biometric FIDO security key, when permanently integrated into a device, can allow access to any protected workstation, using biometric data for authentication. This approach not only enhances security but also significantly improves user convenience.

Moreover, adopting public key cryptography in this framework ensures that even if the credentials held by the service were compromised, an attacker without the corresponding private key could make no use of them. This adds an extra layer of security, safeguarding against common cyber threats.

Finally, this model reduces costs and logistical challenges associated with managing individual tokens or devices for each employee. Instead, a single key per workstation or a shared biometric system could suffice, simplifying the IT infrastructure.
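The two properties this section relies on, a server-side store that holds only public keys (so a breach of it yields nothing an attacker can sign with) and one registration that serves every workstation, are easiest to see in a minimal challenge-response exchange. The following Go program is an added example written for this page; it is not 1Kosmos code and not part of the original article. It models a FIDO2/WebAuthn-style login in simplified form: the authenticator signs SHA-256(authenticatorData || SHA-256(clientDataJSON)) with a P-256 key, and the relying party checks the challenge, the client origin, the rpId hash, the user-verification flag and the signature against the public key registered once at enrolment. The RP identifier `login.example.com`, the origin `https://login.example.com` and the user name are assumed placeholders, and attestation, CBOR encoding and the signature counter are omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
)

// Authenticator models the key pair sealed inside a FIDO key; the private key never leaves it.
type Authenticator struct{ priv *ecdsa.PrivateKey }

// RelyingParty is the single login service every workstation talks to; it stores public keys only.
type RelyingParty struct {
	ID     string                      // RP identifier (assumed value: "login.example.com")
	Origin string                      // the only client origin the RP accepts
	Keys   map[string]*ecdsa.PublicKey // registered public key per user: register once, use anywhere
}

type clientData struct { // mirrors the WebAuthn clientDataJSON fields used in this example
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

type Assertion struct{ AuthData, ClientData, Sig []byte } // the authenticator's signed login response

func NewAuthenticator() *Authenticator {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Authenticator{priv: priv}
}

// Register is done once, at enrolment; only the public key crosses to the server.
func (rp *RelyingParty) Register(user string, a *Authenticator) {
	if rp.Keys == nil {
		rp.Keys = map[string]*ecdsa.PublicKey{}
	}
	rp.Keys[user] = &a.priv.PublicKey
}

// NewChallenge issues a fresh random nonce per login so an old assertion cannot be replayed.
func (rp *RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// signedDigest is what both sides sign/verify: SHA-256(authenticatorData || SHA-256(clientDataJSON)).
func signedDigest(authData, clientData []byte) []byte {
	cdHash := sha256.Sum256(clientData)
	d := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return d[:]
}

// Assert is the authenticator side; the signature covers the origin the workstation client observed.
func (a *Authenticator) Assert(rpID, origin string, challenge []byte) Assertion {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: hex.EncodeToString(challenge), Origin: origin})
	rpHash := sha256.Sum256([]byte(rpID))
	authData := append([]byte{}, rpHash[:]...)
	authData = append(authData, 0x05)       // flags: user present (0x01) + verified by biometric (0x04)
	authData = append(authData, 0, 0, 0, 0) // signature counter, left at zero in this example
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, signedDigest(authData, cd))
	if err != nil {
		panic(err)
	}
	return Assertion{AuthData: authData, ClientData: cd, Sig: sig}
}

// Verify is the RP side and is identical whichever workstation the user sits at.
func (rp *RelyingParty) Verify(user string, challenge []byte, resp Assertion) error {
	pub, ok := rp.Keys[user]
	var cd clientData
	if err := json.Unmarshal(resp.ClientData, &cd); err != nil {
		return err
	}
	rpHash := sha256.Sum256([]byte(rp.ID))
	switch {
	case !ok:
		return errors.New("unknown user")
	case cd.Type != "webauthn.get":
		return errors.New("wrong ceremony type")
	case cd.Challenge != hex.EncodeToString(challenge):
		return errors.New("challenge mismatch: stale or replayed assertion")
	case cd.Origin != rp.Origin:
		return errors.New("origin mismatch: assertion was produced for another site")
	case len(resp.AuthData) != 37 || string(resp.AuthData[:32]) != string(rpHash[:]):
		return errors.New("authenticator data not bound to this RP")
	case resp.AuthData[32]&0x04 == 0:
		return errors.New("user verification (biometric) flag not set")
	case !ecdsa.VerifyASN1(pub, signedDigest(resp.AuthData, resp.ClientData), resp.Sig):
		return errors.New("signature does not verify against the registered public key")
	}
	return nil
}
```

To exercise it, build a `RelyingParty` with `ID` and `Origin` set, call `Register` once for a user, and then have any number of workstations run `NewChallenge`, `Assert`, `Verify` against the same `RelyingParty`. Because the private key is never stored server-side and the signed data binds the challenge and the origin, a copied credential store, a replayed assertion or an assertion collected at a different origin all fail `Verify`.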

Best practice recommendations

When planning passwordless authentication for workstation-independent environments, here are some guidelines to consider:

  • Biometrics: Use biometrics such as fingerprints or facial recognition for secure authentication.
  • Device-less authentication: Implement methods like FIDO keys, combined with biometrics or workstation-based prompts.
  • Single registration system: Deploy a register-once-use-anywhere architecture that allows users to authenticate across multiple workstations.
  • Integration with existing infrastructure: Use a standards-based approach like FIDO that works with existing IT systems.
  • Robust encryption: Make sure advanced encryption techniques and security protocols are in place to protect data and credentials.
  • User-centric design: Ensure the system design is intuitive and minimizes workflow disruption.
  • Compliance: Create and enforce policies to adhere to the security and privacy standards that govern your industry.

Transitioning to passwordless authentication in environments where mobile devices are prohibited presents unique challenges but also offers an opportunity to modernize digital security. By embracing biometrics, robust encryption, FIDO-compliant keys, and user-centric design, organizations can create a more secure, efficient, and low-friction work environment.

About the author

Rohan Pinto is CTO of 1Kosmos. He previously architected security infrastructure for the Government of Ontario and the Health Information Access Layer for the Province of British Columbia, and is involved in establishing the United States Department of Defense’s Security Access Layer using Common Access Cards (CAC). Pinto is also an active member of the Decentralized Identity Foundation and the FIDO (Fast Identity Online) Alliance.
